
This is an encrypted protocol that runs on top of IRC.
This version has a binary and an ircII script, and is
designed to run within IRC-II (irc clients).

This is release 1.0, the first general release.  It is 
incompatible to pre-release versions since the encryption
was changed from DES to triple-DES.  Also RSA keys must
be longer than the ones created by the last version since
Triple-DES keys are three times longer (so any old RSA
keys are no longer any good).

If you want a tiny (stand-alone) client, read README.old

GENERAL DESCRIPTION:
---------------------

Interfaces to ircII clients through the scripting language.
Encrypts messages in Triple-DES.
Keeps a table of Triple-DES keys.
Allows for key exchange using the RSA encryption algorithm.


HOW DO I SET IT UP?
--------------------

1.  set-up your ircII client.  Hopefully you already have 
    this done

2.  compile all the binaries you will need:
       make all    
    this will make the binary 'new' and generate your
    keys.  Alternatively you can do them seperately:
       make new
     and
       make keys
    this may come in handy later if you wish to make a new
    RSA key, or if you wish to remake 'new' without changing
    your key.
    The file names used for your keys will be printed to your
    screen:  "secret" for your secret key and another one named
    after your login or $IRCNAME (or "public" if the script
    cant determine either of those).  

3.  Send your public key (named after your IRCNICK ) to your
    friends, heck even your enemies... doesnt hurt.  Security
    does not depend much on this key (having this key shouldnt
    help the bad guys decrypt your messages).   You can do this
    a number of ways:  mail and '/dcc send' (within irc) are
    two of them.

4.  If you have a directory with your friends public keys
    set up an environmental pointing to them.  This is
    done differently in CSH and SH :
     CSH%  setenv KEYDIR /path/to/key/dir
      SH$  KEYDIR=/path/to/key/dir
      SH$  export KEYDIR
    alternatively put all your keys into a directory named
    "pubkeys" under the current directory.  This directory
    always gets checked.

5.  Start-up irc now.

6.  Once in load up the script file.  While loading the script
    you *must* be in the same directory as the binary 'new'
    the files 'secret' and all the secret keys!  You can
    do this by either starting IRC from within the directory,
    or using the IRCII command /cd directory to get there.

         /load crypt.irc

   (note due to discrepencies in scripting in newer IRCII
    clients there are two versions of the script.  Users
    using older ircII clients should use "crypt.irc" and
    those using newer (I believe 2.2.4 and onward) should
    use "crypt.irc2" )

7.  You should now be ready to encrypt and receive encrypted
    messages.  Join a channel with someone else who has encryption
    and send them your key:

         /join #crypto
         /key myfriend

     this will send them your (random) DES key and allow them
     to see you.  When you send them encrypted messages now,
     it will be automatically decrypted on their end and put up
     on the screen with an E before it.

     To send an encrypted message to the current channel type
         /e message here
     Or to make all your messages encrypted:
         /crypt
     To undo that:
         /plain
     And to send plaintext messages while encrypted:
         /p message here
     To send encrypted messages:
         /emsg nick message here

For details on what goes on behind the scene,  the protocol
specifics, or anything more detailed than this, see 
README.old which refers to a previous (standalone) encrypted
client.


WATCH OUT FOR:
--------------

-  if you dont want someone to see you: DONT /KEY THEIRNICK !!!
   anyone you /key can read what you type

-  if you want someone to see you:  /key theirnick !!!
   while encrypted, only the people you have /key'ed can
   see what you type.  (And only then if they have the
   client)

-  dont piss people off!  Anyone who does not run this program
   will see *alot* of garbage on their screen while you are
   sending encrypted messages to their channel!  Please keep
   encryption in channels were people have encrypted clients.

-  the /crypt and /plain  alias's use /query.   If you are /query'ing
   someone and type either /crypt or /plain it will cancel your
   old /query.  If you are encrypted (/crypt) and you /query
   someone else it will take yout out of auto-encryption.  You
   can tell when you are encrypted by the [query: %crypt] in
   the title bar (if you have a title bar :)

-  only messages that are sent with "/e" or "/emsg" or while
   in "/crypt" mode are encrypted.  Not everything you type
   after "/load crypt.irc" is encrypted.

-  If you wish to reload the program, or stop it use /die.  This
   will stop the server program ('new') and remove any /query's
   that are in effect (in case you where /crypt'ed).  


WEAKNESSES:
-----------

Security of all messages you type in any one session depends
on the secrecy of your Triple-DES key and the security of
that algorithm.

Security of any key exchanges depends on the RSA algorithm and
the secrecy of your "secret" secret key file.  The keys generated
are aproximately 512 bits long,  but the random numbers are all
taken from the rand() system call.  This is a possible weakness.
 
As usual anything you do on another persons machine is not totally
secure.  Root can peek at your core image which has all the
secret keys as well as some extra plaintext laying around.  Root
could go as far as to watch the pipe between irc and the 'new'
binary.  If you are dialing up and go through a Terminal Server
you could be monitored at that point, or comming over the
network.

----
enjoy..  distribute freely.  Feel free to add, give suggestions,
etc.
  
